Azure Governance
Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.
More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.
Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups
-
Provide description of type
Provide a way to get a description of each type in the resource graph, much like the first "Type" field (display name of resource type) in the "All resources" pane in the Azure portal
2 votes -
GitOps
How does this work with GitOps?
2 votes -
Prevent Owner role unless MFA enabled
We have a requirement to ensure all Owners have MFA enabled, using Conditional access policies we can only assign Global Admins not Owners, so would appreciate a way within a management group to ensure the "owner" of the subscription has MFA enabled, which we could assign by policy instead of audit, adding enforce MFA for Owner
2 votesI am going to move this item to Azure Policy as this would be something they could enforce on the MG scope.
-
Description to Role Assignment
Add descriptions to Role assignment when value must be specified that shows up when assigning the blueprint to an Subscription.
2 votes -
Allow more than 100 items to be exported in azure resource graph
Allow more than 100 items to be exported in azure resource graph
If a limit is needed, 100 seems a bit small2 votes -
Allow use of resourceGroup() functions within a resource group artifact
When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like respourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'
2 votesWe are working on a fix to make sure all ARM template functions work if they are deployed by a blueprint
-
Blueprints for Resource Groups
I would love to have the blueprints for resource groups as well.
To quote from your documentation:
'With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.'
Replace "subscription" with "resource group" in the text above and there you have my request. :)
2 votes -
Get policy state return all objects
When getting policy state it only returns non-compliant objects. If the results returned all objects it would be easier to get an overview of compliance status for the environment.
2 votes -
Azure Policy - Extend policy aliases for Microsoft.Datamigration provider
Create aliases for objects within services/projects to allow auditing or enforcement of authentication/encryption options on new migrations.
1 vote -
Allow adding Azure Policy initiative parameters later on (after you've saved and closed out of it)
Presently you can only add initiative parameters upon first creation of the initiative. Once you save it and go back in to edit you can no longer add parameters. This is very inflexible and requires you to know everything you want in the initiative up front.
1 voteThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
PCI DSS 3.2.1 BluePrint
1- After creating a blueprint by using the new PCI DSS 3.2.1 one, I've seen that the it has only the following which I believe is not the complete list. Is this an issue or it's due to being still Preview?
*Deploy Threat Detection on SQL servers
*Require encryption on Data Lake Store accounts
*Allowed locations
*Deploy Auditing on SQL servers
*Deploy SQL DB transparent data encryption
*Allowed locations for resource groups2- Will this blueprint provide guidence on what Azure Resources should used for PCI DSS Compliance? As an example the previous blueprints page was stating that ASE (App…
1 vote -
Azure Policy - Need a policy alias for Microsoft.RecoveryServices/vaults/monitoringConfigurations
In order to create an azure policy that audits recovery vaults that do not have backup alerts enabled, there should be an alias for the monitoringConfigurations property.
1 vote -
Add Meter Category/Service Name in resource graph
The category type Meter category, which is available at billing modul is not available at resource graph.
It is only the resource type category available, that is not the same as meter category.
So it is not possible to make billing queries in billing modul and compare this with counts from resources in resource graph.1 vote -
Blueprints do not create managed identities for deployifnotexist policy initiatives
Currently Azure Blueprints can assign policy initiatives but do not properly create the managed service identity for deployifnotexist policy definitions within the initiative. This needs to be corrected as that is basic functionality of a policy initiative assignment. The managed identity is created correctly if directly assigning the policy definition outside of an initiative.
1 vote -
Ability to query SQL Server firewall rules
Please add support for type :
Microsoft.Sql/servers/firewallRules
1 vote -
Ability to query arrays without specifying an index
Please introduce new operators like all_of() & any_of() for array members query.
Today I have to specify an index if I want to query alertRules with a specific property value, ie:
where type =~ 'microsoft.insights/alertrules'
| where properties.actions[0].sendToServiceOwners == "true"I would like a way to query if any or all items in the array are matching
1 vote -
Renaming Azure Management Group to Azure Subscription Group
Azure Management Group should have been called/renamed to Azure Subscription Group for subscription grouping, analogous to Resource Group for resource grouping. Subscription Group is much more specific and descriptive than Management Group to indicate subscription grouping.
1 vote -
Bug: If tags are appended by Built-In Policy they do not appear on UI and Powershell before you update resource tags
Hi,
There is a bug in Policy and Resource tags.
If you use policies to append tags & values to Resource from Resource Group those appended tags and values do not appear in resource, before you update tags by Azure Portal UI. Right away when you example add new tag and press save button, those tags what are appended by policies appears on UI and Powershell. Not before.
I have tested this and even next day or after two days those tags and values not appear in resource before updating tags.
So if you want those tags and values shown…
1 vote -
Azure Resource Graph - Caputure users/owners info for all resource types
It would be great to add ability to capture the user/owner information for all resource types in Resource Graph. Currently, for a lot of resource types, e.g., Machine Learning Services Workspace, etc., the user/owner information is not available in the resource graph. Which is a critical information a lot of customers are looking for.
1 vote -
Azure Resource Graph: Incorporate more Tabular operators from Kusto, like Join
Per https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#supported-tabular-operators - there's a limited selected of Tabular operators that work in Azure Resource Graph. It would be beneficial if additional operators, such as Join, are supported.
Example: If I wanted to pull all VMs and their private IP address, I would need to join the VM with the NIC resource to pull both properties in a single report1 vote
- Don't see your idea?